Prev Question
Next Question

You want to securely distribute credentials for your Amazon RDS instance to your fleet of web server instances. The
credentials are stored in a file that is controlled by a configuration management system. How do you securely deploy the
credentials in an automated manner across the fleet of web server instances, which can number in the hundreds, while
retaining the ability to roll back if needed?

A.
Store your credential files in an Amazon S3 bucket.
Use Amazon S3 server-side encryption on the credential files.
Have a scheduled job that pulls down the credential files into the instances every 10 minutes.

B.
Store the credential files in your version-controlled repository with the rest of your code.
Have a post-commit action in version control that kicks off a job in your continuous integration system which securely copses the new
credential files to all web server instances.

C.
Insert credential files into user data and use an instance lifecycle policy to periodically refresh the file from the user data.

D.
Keep credential files as a binary blob in an Amazon RDS MySQL DB instance, and have a script on each Amazon EC2 instance that
pulls the files down from the RDS instance.

E.
Store the credential files in your version-controlled repository with the rest of your code.
Use a parallel file copy program to send the credential files from your local machine to the Amazon EC2 instances.

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *